Connecting through Tailscale
Tailscale is a managed virtual private network (VPN). It creates a private mesh network called a tailnet.
Every device on the tailnet then receives a stable private IP address, and can communicate directly with every other device.
Enabling the connection from Structural
To allow Tonic Structural to reach a database through Tailscale, you:
Add the database server as a node on your tailnet, either directly or behind a subnet router.
Provide Structural with:
An OAuth client credential.
The access control list (ACL) tags for Structural to advertise when it joins the tailnet. Your tailnet ACL policy must allow those tags to reach the database's IP address and port.
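To check the ACL requirement above before you give the tags to Structural, you can audit the policy file. The following Python is an added example, not part of the Structural or Tailscale documentation. It assumes that the policy uses the acls section with IP, CIDR, or hosts-alias destinations. The sample policy, tag:ci, orders-db, 100.64.0.10, and port 5432 are constructed values.

```python
import ipaddress

# Constructed sample tailnet policy (placeholder values, not from this page).
POLICY = {
    "tagOwners": {"tag:tonic-worker": ["autogroup:admin"]},  # declares the tag
    "hosts": {"orders-db": "100.64.0.10"},
    "acls": [
        {"action": "accept", "src": ["tag:tonic-worker"], "dst": ["orders-db:5432"]},
        {"action": "accept", "src": ["tag:ci"], "dst": ["*:*"]},
    ],
}

def _parse_dst(dst, hosts):
    """Split 'host:ports' into (network, or None for '*', and (lo, hi) port ranges)."""
    host, _, ports = dst.rpartition(":")
    host = hosts.get(host, host)  # resolve a hosts alias to its IP or CIDR
    net = None if host == "*" else ipaddress.ip_network(host, strict=False)
    ranges = []
    for part in ports.split(","):
        if part == "*":
            ranges.append((0, 65535))
        else:
            lo, _, hi = part.partition("-")
            ranges.append((int(lo), int(hi or lo)))
    return net, ranges

def audit_tag(policy, tag, db_ip, db_port):
    """Return (allowed, extra): whether tag reaches db_ip:db_port, and every
    destination granted to the tag that is not exactly that endpoint."""
    ip, hosts = ipaddress.ip_address(db_ip), policy.get("hosts", {})
    allowed, extra = False, []
    for rule in policy.get("acls", []):
        if rule.get("action") != "accept" or not {tag, "*"} & set(rule.get("src", [])):
            continue
        for dst in rule.get("dst", []):
            try:
                net, ranges = _parse_dst(dst, hosts)
            except ValueError:
                extra.append(dst)  # tag, group, or autogroup destination: review by hand
                continue
            in_net = net is None or ip in net
            if in_net and any(lo <= db_port <= hi for lo, hi in ranges):
                allowed = True
            exact = net is not None and net.num_addresses == 1 and in_net
            if not (exact and ranges == [(db_port, db_port)]):
                extra.append(dst)
    return allowed, extra
```

An empty second value means that the tag can reach only the database endpoint. Any listed destination is access that Structural does not need.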
Configuring Tailscale tunneling
From the workspace configuration, to connect through Tailscale:
If the connector supports multiple tunneling options:
Toggle Enable Connection Tunnel to the on position.
From the Tunnel type dropdown list, select Tailscale Tunnel.
If the data connector only supports Tailscale tunneling, then it is selected automatically.
In the Tags field, provide a comma-separated list of ACL tags to use to join the tailnet. For example, tag:tonic-worker.
Optionally, in the Control Server URL field, provide the URL. This is intended for customers who use Headscale or a self-hosted Tailscale control plane.
In the Tailscale Auth Key field, provide a Tailscale OAuth client credential. Structural does not support other types of Tailscale keys, such as user auth keys. You create the credential from the OAuth clients page in your Tailscale admin console. If secrets managers are available, you can instead select a secret name from a secrets manager.